An interesting story here on another hosting provider looking at the potentially lucrative PCI DSS compliance market. From the Australian IT: “IT security on the cheap“. What concerns me here are the promises being made by new entrants into the PCI market. Organisations looking at companies like this, or at anyone promoting quick and easy solutions to compliance, need to seriously investigate what it is they are getting. Cheap and secure hosting alone does not make for simple PCI DSS compliance. Every customer will have its own internal process, procedure and application issues around compliance, and the number of requirements those raise may far outweigh the number satisfied by outsourcing some responsibility to a third party.
Compliance with PCI DSS is not cheap and it’s not simple. Anyone who promotes it as cheap and simple should be assessed very carefully.
In recent times, Securus Global has been working with manageNET to develop a truly secure hosting environment for clients and their PCI DSS compliance. Both organisations understand how complex each individual organisation’s requirements can be: while core secure hosting may not be especially complex, each company’s environment for credit card processing, storage and transmission differs, so all solutions are developed on a client-by-client basis. If a hosting provider is not doing this, they shouldn’t be in this game. End of disclosure.
BTW, the comment in the article, “Meanwhile, merchants that store credit card information would have to complete up to 223 questions every quarter to adhere to PCI DSS guidelines”, is obviously wrong (the self-assessment questionnaire is an annual exercise; it is the external vulnerability scans that are quarterly). Also, geez, I’d be concerned dealing with someone who: “After taking a beating on the stock exchange, BlueFreeway hopes to revive its fortunes with the solution, squarely aimed at small and medium-sized enterprises (SMEs)”.

@Drazen Drazic,
I believe you may be referring to “Appendix A: PCI DSS Applicability for Hosting Providers” of PCI DSS V1.1?
@cmlh
Hosting providers have to comply with the whole standard, not just the Appendix. Appendix A is /extra/, over and above the main standard.
@PCI Guy,
Yes, I am aware of this fact.
I was pointing out the difference if your Card Holder Environment is within your hosting provider (e.g. manageNET) or not.